The Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables utility, configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server, or a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.

Shorewall is not a daemon. Once Shorewall has configured Netfilter, its job is complete. After that, there is no Shorewall code running, although the /sbin/shorewall program can be used at any time to monitor the Netfilter firewall.

At the time of writing, the latest version of Shorewall is 2.0.6. For more information on the Shoreline Firewall, visit http://www.shorewall.net/.

I would add that the how-to at http://unofficial-support.com/node/view/46 is outdated, since Shorewall now supports zones. However, it gives a good idea of how to install it on cPanel. In particular, the how-to's section on rules is not complete. After reading the documentation, you should have no problem writing good rules. For security reasons, I prefer not to post my rules and zones here.